CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-30368 – A10 Thunder ADC CsrRequestView Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30368
A10 Thunder ADC CsrRequestView Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of A10 Thunder ADC. ... An attacker can leverage this vulnerability to execute code in the context of a10user. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of A10 Thunder ADC. ... An attacker can leverage this vulnerability to execute code in the context of a10user. • https://support.a10networks.com/support/security_advisory/cve-2024-30368-cve-2024-30369 https://www.zerodayinitiative.com/advisories/ZDI-24-524 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-30369 – A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-30369
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the installer. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. ... An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the installer. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://support.a10networks.com/support/security_advisory/cve-2024-30368-cve-2024-30369 https://www.zerodayinitiative.com/advisories/ZDI-24-525 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-35510
https://notcve.org/view.php?id=CVE-2024-35510
An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.114 allows attackers to execute arbitrary code via uploading a crafted file. • https://github.com/QianGeG/CVE/issues/14 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2023-43849
https://notcve.org/view.php?id=CVE-2023-43849
Incorrect access control in firmware upgrade function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to submit a firmware image via HTTP POST requests. This may result in DoS or remote code execution. • https://github.com/setersora/pe6208 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3969 – XML External Entity injection vulnerability in iManager
https://notcve.org/view.php?id=CVE-2024-3969
This could lead to remote code execution by parsing untrusted XML payload Vulnerabilidad de inyección de entidad externa XML encontrada en OpenTextâ„¢ iManager 3.2.6.0200. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-611: Improper Restriction of XML External Entity Reference •